OpenAI has taken action after a security issue in a third-party developer tool was discovered as part of a broader attack on the software supply chain. The incident involved Axios, a widely used library that was temporarily compromised.
Although there is no indication that OpenAI’s user data or systems were actually affected, the company has decided to renew its macOS certificates as a precaution.
The vulnerability came to light on March 31, 2026, when a malicious version of Axios was distributed. It was retrieved via an automated GitHub Actions process that OpenAI uses to sign its macOS applications. That process had access to certificates used to digitally sign software, intended to confirm that applications actually originate from OpenAI.
According to the company, it is unlikely that these certificates were actually compromised. Various technical factors, such as the timing of the process and the way the certificates were loaded, significantly reduce that likelihood. Nevertheless, OpenAI is treating the situation as if a compromise may have occurred and has decided to revoke and replace the certificates.
New certificates should mitigate risk
The risk of a stolen certificate is that malicious actors could sign software that appears to be legitimate OpenAI software. To prevent that scenario, the company has rolled out new certificates and re-released existing macOS applications. At the same time, OpenAI is collaborating with Apple to ensure that software using the old certificate can no longer be approved.
For users, this means they must update their OpenAI apps on macOS to the latest versions. Older versions will no longer receive updates starting May 8, 2026, and may stop functioning. OpenAI emphasizes that updates must be performed exclusively through the applications themselves or via official download pages.
The investigation found no evidence that user data was accessed or that OpenAI products were tampered with. There are also no indications that malicious actors actually exploited the potentially compromised certificates. The company has engaged an external forensic firm to analyze the incident and has conducted additional checks on all signed software.
According to OpenAI, the problem stems from a configuration error in the automated build process. A so-called “floating tag” was used instead of a specific version reference, which inadvertently allowed a manipulated version of a dependency to be loaded. This procedure has since been modified to prevent a recurrence.
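As an added illustration of the "floating tag" problem described above (example code, not OpenAI's own tooling or configuration), the script below audits a constructed GitHub Actions workflow and a constructed dependency list for references that can be moved after the fact: action tags or branches instead of commit SHAs, and npm version ranges instead of exact versions. The sample workflow, action names, and the 40-character placeholder SHA are all made up for the example.

```python
import re

# Constructed sample workflow (not OpenAI's real signing pipeline).
# The setup-node step uses an obviously fake placeholder SHA.
WORKFLOW = """\
name: sign-macos
on: [push]
jobs:
  sign:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/sign-action@main
      - uses: actions/setup-node@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
      - run: npm ci
"""

# Only a full 40-hex-digit commit SHA is immutable; tags and branches
# ("v4", "main", "latest") can be repointed by whoever controls the repo.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
EXACT_VERSION_RE = re.compile(r"^\d+\.\d+\.\d+$")


def unpinned_actions(workflow_text: str) -> list[str]:
    """Return every 'uses:' reference that is not pinned to a commit SHA."""
    findings = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        # Local actions and container images are not resolved via git refs.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _, _, version = ref.rpartition("@")
        if not SHA_RE.match(version):
            findings.append(ref)
    return findings


def floating_npm_specs(dependencies: dict[str, str]) -> list[str]:
    """Return package names whose specifier is a range or dist-tag, not an exact version."""
    return [name for name, spec in dependencies.items()
            if not EXACT_VERSION_RE.match(spec)]


if __name__ == "__main__":
    print("floating action refs:", unpinned_actions(WORKFLOW))
    # Constructed dependency list; version strings are illustrative only.
    print("floating npm specs:",
          floating_npm_specs({"axios": "^1.0.0", "other-lib": "2.3.4"}))
```

Pinning to a SHA or an exact version only helps if the lockfile is committed and installs use `npm ci`; pinned references still have to be reviewed when they are bumped.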
North Korean group behind the attack
The attack is part of a broader campaign aimed at compromising popular open-source projects. According to BleepingComputer, the activity is linked to a North Korean group. The attackers gained access to a developer account through social engineering. By posing as a partner and using convincing communication channels such as Slack and Microsoft Teams, they installed malware and ultimately published malicious code in the Axios library. This version included functionality that allowed systems to be remotely taken over.
Although the impact on OpenAI appears limited, the incident once again underscores the risks of dependencies in modern software development. The company states that user security and privacy remain central and emphasizes its commitment to transparency regarding incidents and the measures taken. OpenAI will also continue to monitor whether the old certificate is being misused and can expedite its revocation if necessary.